Sign-up

ID

VAR-201804-0646


CVE

CVE-2017-15327


TITLE

plural Huawei Information disclosure vulnerability in products

Trust: 0.8

sources: JVNDB: JVNDB-2017-013294

DESCRIPTION

S12700 V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R007C20, V200R008C00, V200R008C06, V200R009C00, V200R010C00, S7700 V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R008C00, V200R008C06, V200R009C00, V200R010C00, S9700 V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R008C00, V200R009C00, V200R010C00 have an improper authorization vulnerability on Huawei switch products. The system incorrectly performs an authorization check when a normal user attempts to access certain information which is supposed to be accessed only by authenticated user. Successful exploit could cause information disclosure. HuaweiS12700 is an enterprise-class switch product from China's Huawei company. The Huawei S7700 and S9700 are Huawei's intelligent routing switches. A security vulnerability exists in the Huawei S12700, S7700, and S9700. The following products are affected: Huawei S12700 V200R005C00 Version, V200R006C00 Version, V200R006C01 Version, V200R007C00 Version, V200R007C01 Version, V200R007C20 Version, V200R008C00 Version, V200R008C06 Version, V200R009C00 Version, V200R010C00 Version; S7700 V200R001C00 Version, V200R001C01 Version, V200R002C00 Version, V200R003C00 Version, V200R005C00 Version, V200R006C00 Version, V200R006C01 Version, V200R007C00 Version, V200R007C01 Version, V200R008C00 Version, V200R008C06 version version, V200R009C00 Version, V200R010C00 Version; S9700 V200R001C00 Version, V200R001C01 Version, V200R002C00 Version, V200R003C00 Version, V200R005C00 Version, V200R006C00, V200R006C01, V200R007C00 Version , version V200R007C01, version V200R008C00, version V200R009C00, version V200R010C00

Trust: 2.34

sources: NVD: CVE-2017-15327 // JVNDB: JVNDB-2017-013294 // CNVD: CNVD-2018-06688 // VULHUB: VHN-106138 // VULMON: CVE-2017-15327

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-06688

AFFECTED PRODUCTS

vendor:huaweimodel:s7700scope:eqversion:v200r010c00

Trust: 1.6

vendor:huaweimodel:s9700scope:eqversion:v200r009c00

Trust: 1.6

vendor:huaweimodel:s9700scope:eqversion:v200r001c00

Trust: 1.6

vendor:huaweimodel:s9700scope:eqversion:v200r006c00

Trust: 1.6

vendor:huaweimodel:s9700scope:eqversion:v200r007c01

Trust: 1.6

vendor:huaweimodel:s9700scope:eqversion:v200r010c00

Trust: 1.6

vendor:huaweimodel:s9700scope:eqversion:v200r008c00

Trust: 1.6

vendor:huaweimodel:s9700scope:eqversion:v200r006c01

Trust: 1.6

vendor:huaweimodel:s9700scope:eqversion:v200r005c00

Trust: 1.6

vendor:huaweimodel:s9700scope:eqversion:v200r007c00

Trust: 1.6

vendor:huaweimodel:s12700scope:eqversion:v200r007c20

Trust: 1.0

vendor:huaweimodel:s12700scope:eqversion:v200r008c06

Trust: 1.0

vendor:huaweimodel:s12700scope:eqversion:v200r006c01

Trust: 1.0

vendor:huaweimodel:s7700scope:eqversion:v200r006c00

Trust: 1.0

vendor:huaweimodel:s12700scope:eqversion:v200r010c00

Trust: 1.0

vendor:huaweimodel:s7700scope:eqversion:v200r005c00

Trust: 1.0

vendor:huaweimodel:s12700scope:eqversion:v200r009c00

Trust: 1.0

vendor:huaweimodel:s12700scope:eqversion:v200r008c00

Trust: 1.0

vendor:huaweimodel:s12700scope:eqversion:v200r007c01

Trust: 1.0

vendor:huaweimodel:s9700scope:eqversion:v200r001c01

Trust: 1.0

vendor:huaweimodel:s9700scope:eqversion:v200r002c00

Trust: 1.0

vendor:huaweimodel:s7700scope:eqversion:v200r003c00

Trust: 1.0

vendor:huaweimodel:s12700scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:s7700scope:eqversion:v200r001c00

Trust: 1.0

vendor:huaweimodel:s7700scope:eqversion:v200r006c01

Trust: 1.0

vendor:huaweimodel:s12700scope:eqversion:v200r006c00

Trust: 1.0

vendor:huaweimodel:s7700scope:eqversion:v200r008c06

Trust: 1.0

vendor:huaweimodel:s7700scope:eqversion:v200r009c00

Trust: 1.0

vendor:huaweimodel:s7700scope:eqversion:v200r008c00

Trust: 1.0

vendor:huaweimodel:s9700scope:eqversion:v200r003c00

Trust: 1.0

vendor:huaweimodel:s12700scope:eqversion:v200r005c00

Trust: 1.0

vendor:huaweimodel:s7700scope:eqversion:v200r007c01

Trust: 1.0

vendor:huaweimodel:s7700scope:eqversion:v200r001c01

Trust: 1.0

vendor:huaweimodel:s7700scope:eqversion:v200r007c00

Trust: 1.0

vendor:huaweimodel:s7700scope:eqversion:v200r002c00

Trust: 1.0

vendor:huaweimodel:s12700scope: - version: -

Trust: 0.8

vendor:huaweimodel:s7700scope: - version: -

Trust: 0.8

vendor:huaweimodel:s9700scope: - version: -

Trust: 0.8

vendor:huaweimodel:s7700 v200r003c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s7700 v200r005c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9700 v200r003c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9700 v200r005c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s12700 v200r005c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s7700 v200r001c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9700 v200r001c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s12700 v200r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s12700 v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s7700 v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9700 v200r007c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s7700 v200r009c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9700 v200r008c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s12700 v200r009c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s12700 v200r007c01scope: - version: -

Trust: 0.6

vendor:huaweimodel:s7700 v200r001c01scope: - version: -

Trust: 0.6

vendor:huaweimodel:s7700 v200r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s7700 v200r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s7700 v200r008c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9700 v200r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9700 v200r006c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s12700 v200r007c20scope: - version: -

Trust: 0.6

vendor:huaweimodel:s12700 v200r010c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s7700 v200r010c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9700 v200r007c01scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9700 v200r010c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9700 v200r009c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s12700 v200r006c01scope: - version: -

Trust: 0.6

vendor:huaweimodel:s12700 v200r008c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s12700 v200r008c06scope: - version: -

Trust: 0.6

vendor:huaweimodel:s7700 v200r006c01scope: - version: -

Trust: 0.6

vendor:huaweimodel:s7700 v200r007c01scope: - version: -

Trust: 0.6

vendor:huaweimodel:s7700 v200r008c06scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9700 v200r001c01scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9700 v200r006c01scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2018-06688 // JVNDB: JVNDB-2017-013294 // CNNVD: CNNVD-201804-530 // NVD: CVE-2017-15327

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-15327
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-15327
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-06688
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201804-530
value: MEDIUM

Trust: 0.6

VULHUB: VHN-106138
value: MEDIUM

Trust: 0.1

VULMON: CVE-2017-15327
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-15327
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2018-06688
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-106138
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-15327
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-06688 // VULHUB: VHN-106138 // VULMON: CVE-2017-15327 // JVNDB: JVNDB-2017-013294 // CNNVD: CNNVD-201804-530 // NVD: CVE-2017-15327

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-106138 // JVNDB: JVNDB-2017-013294 // NVD: CVE-2017-15327

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201804-530

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201804-530

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-013294

PATCH
title:huawei-sa-20180328-01-authenticationurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180328-01-authentication-en
Trust: 0.8
title:Patches for improperly exploited vulnerabilities in various Huawei switchesurl:https://www.cnvd.org.cn/patchInfo/show/124285
Trust: 0.6
title:Huawei S12700 , S7700  and S9700 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83292
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-06688 // 
            
            
            
            JVNDB: JVNDB-2017-013294 // 
            
            
            
            CNNVD: CNNVD-201804-530

EXTERNAL IDS
db:NVDid:CVE-2017-15327
Trust: 3.2
db:JVNDBid:JVNDB-2017-013294
Trust: 0.8
db:CNNVDid:CNNVD-201804-530
Trust: 0.7
db:CNVDid:CNVD-2018-06688
Trust: 0.6
db:VULHUBid:VHN-106138
Trust: 0.1
db:VULMONid:CVE-2017-15327
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-06688 // 
            
            
            
            VULHUB: VHN-106138 // 
            
            
            
            VULMON: CVE-2017-15327 // 
            
            
            
            JVNDB: JVNDB-2017-013294 // 
            
            
            
            CNNVD: CNNVD-201804-530 // 
            
            
            
            NVD: CVE-2017-15327

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180328-01-authentication-en
Trust: 1.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-15327
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-15327
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/2018/huawei-sa-20180328-01-authentication-cn
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/200.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-06688 // 
            
            
            
            VULHUB: VHN-106138 // 
            
            
            
            VULMON: CVE-2017-15327 // 
            
            
            
            JVNDB: JVNDB-2017-013294 // 
            
            
            
            CNNVD: CNNVD-201804-530 // 
            
            
            
            NVD: CVE-2017-15327

SOURCES
db:CNVDid:CNVD-2018-06688
db:VULHUBid:VHN-106138
db:VULMONid:CVE-2017-15327
db:JVNDBid:JVNDB-2017-013294
db:CNNVDid:CNNVD-201804-530
db:NVDid:CVE-2017-15327

LAST UPDATE DATE
2024-11-23T22:17:36.075000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-06688date:2018-03-29T00:00:00
db:VULHUBid:VHN-106138date:2018-05-23T00:00:00
db:VULMONid:CVE-2017-15327date:2018-05-23T00:00:00
db:JVNDBid:JVNDB-2017-013294date:2018-06-19T00:00:00
db:CNNVDid:CNNVD-201804-530date:2018-04-12T00:00:00
db:NVDid:CVE-2017-15327date:2024-11-21T03:14:28.293

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-06688date:2018-03-29T00:00:00
db:VULHUBid:VHN-106138date:2018-04-11T00:00:00
db:VULMONid:CVE-2017-15327date:2018-04-11T00:00:00
db:JVNDBid:JVNDB-2017-013294date:2018-06-19T00:00:00
db:CNNVDid:CNNVD-201804-530date:2018-04-12T00:00:00
db:NVDid:CVE-2017-15327date:2018-04-11T17:29:00.147